Howdy,

I request time to present https://datatracker.ietf.org/doc/draft-mattsson-acme-use-cases/ (focusing on the tunnelling illustrated in Figure 3).

I think there needs to be a discussion on how ACME is supposed to work in domains with more than one web server. During the BoF Eric Rescorla briefly discussed how to tunnel the ACME protocol, i.e. the scenario illustrated in Figure 3 of draft-mattsson-use-cases. In this scenario the domain owner may like to put restrictions on the issued certificate (e.g. only certain subdomains and limited lifetime).

To my understanding, draft-barnes-acme would only allow the domain owner to forward or block the CSR from the web server, and then forward or block the issued certificate from the CA. And to my understanding, there is no mechanism to suggest the lifetime of the certificate.

Cheers,
John

On 26 Jun 2015, at 19:54, Ted Hardie <[email protected]> wrote:

Howdy,

As you've seen from the IESG announcement, ACME has been approved as a working group, so our meeting in Prague will be as a working group rather than a BoF. The IETF agenda is still tentative, but we're currently scheduled for Thursday, July 23rd, 15:20-17:20, in Karlin I/II. (There is still a chance that will change, though, so please do not tailor travel to just that time frame!)

Our charter lists draft-barnes-acme as a starting point, and Rich and I are asking the authors to produce an update for the meeting. We expect some of the working group time in Prague to be a document review/discussion of that draft. If you have other agenda items you'd like to request time for, please send them to the list.

thanks,

Ted and Rich

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
